Yes, Aaron Swartz taught us (well, at least President Obama) that we need to change to law to make it absolutely clear that what Aaron did was deserving of a lengthy prison sentence. With these changes in the law. Aaron's prosecution would have been an open and shut case: open the prison door and slam it shut for 10 years.

Among other things, penalties under Obama's plan would increase from a maximum five-year penalty to 10 years for pure hacking acts, like circumventing a technological barrier.

Dollars to donuts that at some point "providing the correct password" will be used as "circumventing a technological barrier" when trying to send to jail someone who was just doing their job and runs into information that is embarrassing to the government.

Yes, Aaron Swartz taught us (well, at least President Obama) that we need to change to law to make it absolutely clear that what Aaron did was deserving of a lengthy prison sentence. With these changes in the law. Aaron's prosecution would have been an open and shut case: open the prison door and slam it shut for 10 years.

Oh, right. I forgot that politicians think in a completely different way than normal, sane people do.

What if the hacker was using one of the same backdoors that the NSA enforced on companies to include in their products? Would that count as accessing an "unprotected system"or is that still a protected system because when they enforced those doors they wanted to be the only ones to use them?

Isn't this what his administration officials are doing every day with their hacking of civilian computers and warranties spying?I certainly didn't authorize them on any of my stuff and I'm sure the countless people they hack or intercept didn't give them permission to rifle through their stuff or install malware on their devices.What gives them the right to risk damaging or repurpose devises we've spent hundreds or thousands of dollars of our own money on, or risk bricking critical infrastructure routers to get their grubby code in them?If they ever applied the law to themselves I'd be a little less cynical but at this point it just seems like an excuse to intrude on everyone's privacy and actions even more, hacking everyone to make sure they're not hacking people?

I think it great that politicians that know nothing about computer technology write laws on the subject.

In fact, I'd like to extend this to computer literate individuals writing laws about politicians. Can't recite at least five sequential numbers in the Fibonacci sequence? 10 years for you, you filthy politician terrorist!

How about tracking down and arresting the hackers first? It seems like very few actual hackers are being arrested. From Target & Home Depot, to swatting, to DDOS attacks that take popular services offline.

All this will do is make it easy for the government to crack down on unpopular ideas and people. Oh, you've ripped a blu-ray disk to put on your iPad, here is 10 years in jail!

I find it bizarre that we don't do much of anything while hackers steal business designs and information, blueprints for destroyers, etc. etc. etc. But when they get a movie, suddenly it's a national emergency (not that this was the first movie pirated before release).

I also see some messy situations. Suppose at work we have a new keurig 2.0 machine, and it won't accept the fill-your-own cups. If a co-worker tells me I can take the lid off an official k-cup and put it on my refillable cup, that's probably conspiracy to subvert DCMA or something like that. But if the keurig machine is run by a computer (probably), and the lid of the correct cup is considered authorization, now I've broken another law... unless getting hot water is considered "use of the computer."

Isn't this what his administration officials are doing every day with their hacking of civilian computers and warranties spying?I certainly didn't authorize them on any of my stuff and I'm sure the countless people they hack or intercept didn't give them permission to rifle through their stuff or install malware on their devices.What gives them the right to risk damaging or repurpose devises we've spent hundreds or thousands of dollars of our own money on, or risk bricking critical infrastructure routers to get their grubby code in them?If they ever applied the law to themselves I'd be a little less cynical but at this point it just seems like an excuse to intrude on everyone's privacy and actions even more, hacking everyone to make sure they're not hacking people?

Interesting point. Who goes to jail when the state is the hacker? If Sony 'hacks' my computer with a shoddy root kit, does their american ceo do hard time? You know, since a corp is a person now.

The state calls its own violence law, but that of the individual, crime - Max Stirner

Well, even if my only "guns" are the words "hell no, I don't trust you and you're a hypocrital liar making excuses after excuses to sound good while ripping us off and subverting the people's rights", I'm gonna use those words and hope for the best.Dear God, let the pen be mightier than the sword, because you're right, they got some pretty big guns and lots of them.

The biggest danger of this kind of law, using this language, is that people will be "stupid" if they report a security flaw in some system. They can then be charged and jailed, using that report as evidence.

And it will not protect systems from the most dangerous hackers out there.

Any professional black hacker knows how to hack without leaving a trace or worse, set others the blame.

I think you should legislate a little better in this case and hear some experts on the matter... before complete the law.

The key principle of criminal law, regarding computer cracking, ought to be the same as for the rest of criminal law - it should be based upon actual harm. There are different levels of harm caused by different activities. Should we treat someone who is merely 'trespassing' in someone else's computer, having a look around, out of curiousity and to see what they can do, the same as we do someone who steals thousands of credit card credentials and sells them on the black market?

Someone who is taking a hike in the woods, and crosses your property line for a hundred yards, and then meanders off someone else, should not be treated the same way as someone who breaks into your home and rapes your daughter. That is clear to any reasonable person. Likewise with cracking - the severity of the charge and the punishment ought to coincide with actual harm done against the victim.

I mean, if some curious white-hat cracker gets into your system, has a look around, and then maybe fixes a problem you have with your computer (like the security hole that granted them access in the first place), should they go to jail, or be given an commendation (and possibly a job offer)?

The biggest danger of this kind of law, using this language, is that people will be "stupid" if they report a security flaw in some system. They can then be charged and jailed, using that report as evidence.

And it will not protect systems from the most dangerous hackers out there.

Any professional black hacker knows how to hack without leaving a trace or worse, set others the blame.

I think you should legislate a little better in this case and hear some experts on the matter... before complete the law.

This push probably has as much to do actual real hacker threats as the North Korea government had to do with the Sony hack. It's a phony boogeyman excuse, that little is obvious. Let's see, does it possibly give them more excuse to intrude on people's digital activities and communications...? Oh, now it makes sense!

How exactly do we define the limits of this terminology? What is the "computer owner"?

We all know Apple doesn't like porn. They forbid apps specific to it on the App Store. So, if I use my iPhone to access a mobile-enabled porn site, have I violated the law because I am using my phone in a way Apple doesn't like?

Yes, I own the phone, but that kind of ownership really only applies to hardware. Time and time again we're told that we don't "own" software, we "license" it. So if some lawyers wanted to get crafty, they could argue that unless you're running 100% FOSS, you don't technically have full ownership, and thus the software "owner" has rights under this sort of thing.

Some more things that seem they would become potentially illegal under this law:

* I borrow a friend's computer and listen to some music via Spotify on it that my friend absolutely despises. (I'm utilizing a system owned by someone else to access content that the owner doesn't approve of.)* I'm a Republican, and I borrow my Democrat friend's laptop, access my E-mail and shoot off a letter to the GOP. (Same as above.)° I use a port snooper or whatever to decode the protocol used by a piece of hardware so that a Linux driver can be written for it. (I own the hardware, but the manufacturer owns the firmware and protocol.)

This really does sound like it gives whoever is deemed the "owner" unilateral freedom to legally attack anyone who does anything they do not like with technology.

The real problem is that these loosely-worded laws have good intentions but invariably seem to get used for nefarious and even downright ridiculous purposes. While it's hard to pin down a specific, covers-all description of "hacking" that would protect all non-malicious hacking, leaving it *this* wide open is only going to make companies and organizations salivate at the legal opportunities it gives them to go after those they don't like.

How exactly do we define the limits of this terminology? What is the "computer owner"?

We all know Apple doesn't like porn. They forbid apps specific to it on the App Store. So, if I use my iPhone to access a mobile-enabled porn site, have I violated the law because I am using my phone in a way Apple doesn't like?

No.Because, Mr. Jobs himself said, if you want porn on your iPhone, then do it with the web browser.

Anybody who works with computer security will at some point knowingly and with intent, break a technological barrier. That's part of the territory. To fix it, you have to break it first.

This just shows that the administration is fucking petrified of "hackers" and wants to be able to throw anybody in that field in a padded cell if they don't like them.

They have to know they can't enforce this completely, otherwise the security industry would break. It's laws that are designed to be enforced selectively. Scary.

This is how it works for the physical world. Frequently, lock picking sets are illegal and require licensing to have, and if you're caught with them, you can go to jail. And other tools are considered the same way as well that are not licensed... if you're carrying around a crowbar, you're also likely to go to jail if you get caught with it.

We can made our internet security just like our real world police. I don't think there's been any issues with satisfaction of the police over the years, they seem to be very good at finding people who break into our cars and never wrongly accuse anyone and do anything crazy like shoot someone during a no knock raid because they were suspected of having something illegal but not being violent or anything.

I hope some of the readers who here recognize that introducing the government as our internet police, in every way (including introducing them into net neutrality enforcement, filtering sites, prosecuting computer hacking, etc), is very scary, they're overwhelmed with our physical security, so lets try to get that right before we handle more complicated stuff.

Someone who is taking a hike in the woods, and crosses your property line for a hundred yards, and then meanders off someone else, should not be treated the same way as someone who breaks into your home and rapes your daughter. That is clear to any reasonable person.

In my juristiction, the hiker isn't even 'tresspassing'. Despite what land-owners may post on signs, tresspass here requires entering a property with 'reasonable evidince of criminal intent' to stand up as a charge.

I wonder if it would be feasible to create the equivalent of a Private Investigator's license but for cyber security professionals.

Bearer's of this license or accreditation would then be able to enjoy a greater benefit of doubt from law enforcement in good faith that they are working with their white hats on (even when what they have done could be technically construed as having breached certain rules to a limited extent). Similar to how law enforcement don't fixate on PI's if they are constantly showing up in and around criminal investigations since their reason for being there is known and it's accepted that their intent is to provide a legal service.

It would also work out FOR law enforcement as when someone with one of these licenses would have to demonstrate a requisite level of knowledge regarding "hacking" as defined by the law. If law enforcement decides that one of these people has gone too far and intends to prosecute them, prosecutors can then prove the individual behaved in a manner in which its quite clear from their licensing that they know to be illegal.

I'd imagine there could still be some rather unpleasant implications as it still leaves a subjective element of what is "too far" and what is merely cutting a break for a good intentioned white hat security professional. So at the core of the issue I still think it comes back to the fact that it is a VERY BAD IDEA to have lawyers and politicians making law and policy about technology in which they have zero competency (or often even a sound understanding of the basics).

How exactly do we define the limits of this terminology? What is the "computer owner"?

We all know Apple doesn't like porn. They forbid apps specific to it on the App Store. So, if I use my iPhone to access a mobile-enabled porn site, have I violated the law because I am using my phone in a way Apple doesn't like?

Yes, I own the phone, but that kind of ownership really only applies to hardware. Time and time again we're told that we don't "own" software, we "license" it. So if some lawyers wanted to get crafty, they could argue that unless you're running 100% FOSS, you don't technically have full ownership, and thus the software "owner" has rights under this sort of thing.

Some more things that seem they would become potentially illegal under this law:

* I borrow a friend's computer and listen to some music via Spotify on it that my friend absolutely despises. (I'm utilizing a system owned by someone else to access content that the owner doesn't approve of.)* I'm a Republican, and I borrow my Democrat friend's laptop, access my E-mail and shoot off a letter to the GOP. (Same as above.)° I use a port snooper or whatever to decode the protocol used by a piece of hardware so that a Linux driver can be written for it. (I own the hardware, but the manufacturer owns the firmware and protocol.)

This really does sound like it gives whoever is deemed the "owner" unilateral freedom to legally attack anyone who does anything they do not like with technology.

The real problem is that these loosely-worded laws have good intentions but invariably seem to get used for nefarious and even downright ridiculous purposes. While it's hard to pin down a specific, covers-all description of "hacking" that would protect all non-malicious hacking, leaving it *this* wide open is only going to make companies and organizations salivate at the legal opportunities it gives them to go after those they don't like.

I don't even think the loose wording has good intentions here though. It seems like an obvious attempt to give them more ammo against whistleblowers, at least. There are already hacking laws when a crime occurs, but can you imagine when they can increase sentences for any sleight and use the same non-evidence and political misdirection they used with the Sony hack, but on anyone at will? How much did all our security experts denouncing the farce do? Now they want to increase the penalties they can apply to their politically corrupt accusations?If they had good intentions they would have used a real investigation and allowed real proof with the Somy hack. They just want their fabricated proofs to have more weight to lock people up longer it seems, since we let them get away with that false flag. Since they obviously lied about the Sony hack, ignoring the actual hackers to blame falsely for political purposes, I'm not trusting their intentions wanting to increase the sentences if they turn that same corrupt political machine on U.S. citizens.

I think it great that politicians that know nothing about computer technology write laws on the subject.

In fact, I'd like to extend this to computer literate individuals writing laws about politicians. Can't recite at least five sequential numbers in the Fibonacci sequence? 10 years for you, you filthy politician terrorist!

Isn't this what his administration officials are doing every day with their hacking of civilian computers and warranties spying?I certainly didn't authorize them on any of my stuff and I'm sure the countless people they hack or intercept didn't give them permission to rifle through their stuff or install malware on their devices.What gives them the right to risk damaging or repurpose devises we've spent hundreds or thousands of dollars of our own money on, or risk bricking critical infrastructure routers to get their grubby code in them?If they ever applied the law to themselves I'd be a little less cynical but at this point it just seems like an excuse to intrude on everyone's privacy and actions even more, hacking everyone to make sure they're not hacking people?

something something it's legal because by using software with backdoors we mandated be there but you didn't know existed you implicitly consented to us using those backdoors

American law has nothing to do with justice. It's all about control. What lawmakers are really saying is to do what they (who have been lobbied by the monied interests of this country) tell you to, or else.